Mobile devices have become a common computing tool for customers to establish authenticated sessions with various computing resources for secure execution of transactions and workflows. Often, customers interact with a native application on a mobile device for part of a transaction, then desire to transition to additional functionality only offered by a web resource via a browser application on the device. For example, most native mobile applications are unable to perform certain transactions like charitable giving that run afoul of the terms and conditions of the third party that provides downloads of the application via an app store—so a native application requires a way to securely transfer the session to a web resource to continue the workflow.
In addition, the authors and/or providers of the native application may not be the same entity as the providers of the corresponding web resources—such that each entity may require different authentication requirements and contexts in order to use the respective computing services. Additionally, a native application may execute on the mobile device under a sandboxed process that is separate from the process of the web browser on the mobile device. While technologies that offer seamless transfer of a session between different entities/processes/contexts/service providers via a web browser are available today (e.g., cross-domain single sign-on (SSO), Security Assertion Markup Language (SAML)), seamless SSO transition from native mobile applications to web-based resources is challenging.